Automate Code Signing with Jenkins, Azure Key Vault, and AzureSignTool

Jul 28, 2025

Automate Code Signing with Jenkins, Azure Key Vault, and AzureSignTool

OVERVIEW: This page walks you through the process of setting up a CI/CD pipeline using Jenkins to automate the code signing of Windows executables (.exe) with a GlobalSign Code Signing Certificate stored in Azure Key Vault. The pipeline uses AzureSignTool to apply the signature securely and efficiently. At the completion of this procedure, you will be able to configure Jenkins for CI/CD automation, integrate Azure Key Vault with AzureSignTool and automatically sign and verify your Windows executables. Learn more about Code Signing Certificate management and other frequently asked questions here

Prerequisites 

Guidelines

Step 1: Configure GitHub Webhook 

  1. Go to your GitHub repository.

  2. Navigate to Settings > Webhooks.

  3. Click Add webhook.

  4. Complete the required fields with details. 

IMPORTANT: The IP address shown in the image is from Jenkins server which can be changed. This setup triggers a Jenkins build every time code is pushed to the repository.

Step 2: Install AzureSignTool 

  1. To install the Azure Signtool make sure to have the latest .NET SDK installed, then open Administrator PowerShell and use the following command:

    dotnet tool install --global AzureSignTool

Step 3: Assign Access to Azure Key Vault 

  1. Go to your Azure Key Vault > Access Policies. 

  2. Click + Add Access Policy

  3. Set the following permissions under Certificate Permissions: 
    • Get 
    • List 
    • Sign 
    • Verify 

  4. Assign the policy to your service principal or application registration.

  5. Click Add > Save

Step 4: Configure Jenkins 

 

  1. 1. Install Required Plugins: 

    • .NET SDK Plugin 
    • GitHub Plugin 
  2. Configure .NET SDK Tool: 

    • Go to Manage Jenkins > Global Tool Configuration. 
    • Add a new .NET SDK installation and check 'Install automatically'. 

Step 5: Create the Jenkins Pipeline 

  1. In Jenkins, go to Dashboard > New Item. 
  2. Enter a name (e.g., CodeSigningPipeline), select Pipeline, and click OK
  3. Under Triggers, select GitHub hook trigger for GITScm polling
    Note: This will ensure that the any changes that are happening in the GitHub repository will trigger the build in the Jenkins job.

  4. Scroll to the Pipeline section then under Definition, select Pipeline script.
  5. Paste the below declarative pipeline script: 
pipeline {
    agent any

    environment {
        DOTNET_ROOT = "${tool 'dotnet-sdk'}"
        PATH = "${env.DOTNET_ROOT}/bin:${env.PATH}"
        WIN_SERVER_IP = "IP_ADDR"
        CREDS_ID = "CREDS_ID_VALUE"
    }

    triggers {
        githubPush()
    }

    stages {
        stage('Checkout') {
            steps {
                checkout([$class: 'GitSCM',
                    branches: [[name: '*/main']],
                    userRemoteConfigs: [[
                        url: 'https://github.com/PrashantGSIN/CodeSigningAutomation.git',
                        credentialsId: 'CodeSigningAutomation'
                    ]]
                ])
            }
        }

        stage('Restore') {
            steps {
                sh 'dotnet restore'
            }
        }

        stage('Build') {
            steps {
                sh 'dotnet build -c Release'
            }
        }

        stage('Publish') {
            steps {
                sh 'dotnet publish -c Release -r win-x64 --self-contained true /p:PublishSingleFile=true'
            }
        }

        stage('Archive Executable') {
            steps {
                archiveArtifacts artifacts: '**/*.exe', fingerprint: true
            }
        }

        stage('Transfer Executable to Windows Server') {
            steps {
                sshagent(credentials: [CREDS_ID]) {
                    sh """
                    scp -o StrictHostKeyChecking=no \
                    /var/lib/jenkins/workspace/CodeSigningAutomated/bin/Release/net9.0/win-x64/publish/HelloWorldApp.exe \
                    administrator@${WIN_SERVER_IP}:"C:/Users/Administrator/Desktop/"
                    """
                }
            }
        }

        stage('Create Signing Script on Windows Server') {
            steps {
                sshagent(credentials: [CREDS_ID]) {
                    sh '''
                    # Create a more robust signing script
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "echo # Code Signing Script > C:\\Users\\Administrator\\Desktop\\sign.ps1"
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "echo Write-Host 'Setting up environment...' >> C:\\Users\\Administrator\\Desktop\\sign.ps1"
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "echo \\\$env:PATH += ';C:\\Users\\Administrator\\.dotnet\\tools' >> C:\\Users\\Administrator\\Desktop\\sign.ps1"
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "echo Write-Host 'Starting code signing...' >> C:\\Users\\Administrator\\Desktop\\sign.ps1"
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "echo Write-Host 'Using AzureSignTool...' >> C:\\Users\\Administrator\\Desktop\\sign.ps1"
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "echo AzuresignTool sign -kvu 'https://signingcode.vault.azure.net/' -kvc 'CodeSigningHSM' -kvi 'kvi_value' -kvs 'kvs_value' --azure-key-vault-tenant-id 'key_vault_tenant_id' -tr 'http://timestamp.globalsign.com/tsa/advanced' -td sha256 'C:\\Users\\Administrator\\Desktop\\HelloWorldApp.exe' >> C:\\Users\\Administrator\\Desktop\\sign.ps1"
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "echo Write-Host 'Signing process completed.' >> C:\\Users\\Administrator\\Desktop\\sign.ps1"
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "echo Write-Host 'Exit code:' \\\$LASTEXITCODE >> C:\\Users\\Administrator\\Desktop\\sign.ps1"
                    '''
                }
            }
        }

        stage('Sign Executable on Windows Server') {
            steps {
                sshagent(credentials: [CREDS_ID]) {
                    sh '''
                    # Debug: Show the signing script content before execution
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "echo Signing script content: && type C:\\Users\\Administrator\\Desktop\\sign.ps1"
                    
                    # Debug: Check if AzureSignTool is available
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "powershell.exe -Command \\"Write-Host 'Checking AzureSignTool availability...'; try { \\\$env:PATH += ';C:\\\\Users\\\\Administrator\\\\.dotnet\\\\tools'; AzuresignTool --help | Select-Object -First 5; Write-Host 'AzureSignTool found ✓' } catch { Write-Host 'AzureSignTool not found ✗'; Write-Host 'Error:' \\\$_.Exception.Message }\\""
                    
                    # Execute the signing script with verbose output
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "powershell.exe -ExecutionPolicy Bypass -Command \\"Write-Host 'Starting code signing process...'; \\\$env:PATH += ';C:\\\\Users\\\\Administrator\\\\.dotnet\\\\tools'; Write-Host 'Updated PATH:' \\\$env:PATH; try { & 'C:\\\\Users\\\\Administrator\\\\Desktop\\\\sign.ps1' } catch { Write-Host 'Signing script execution failed:' \\\$_.Exception.Message }\\""
                    
                    # Alternative: Run signing command directly for debugging
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "powershell.exe -ExecutionPolicy Bypass -Command \\"Write-Host 'Attempting direct signing...'; \\\$env:PATH += ';C:\\\\Users\\\\Administrator\\\\.dotnet\\\\tools'; try { AzuresignTool sign -kvu 'https://signingcode.vault.azure.net/' -kvc 'CodeSigningHSM' -kvi '7f9e5afe-8d5a-475e-9447-49d3f02914d9' -kvs 'oir8Q~WJodlbcMvyktSbOMJQs2yiQbs4RXE3QcXq' --azure-key-vault-tenant-id 'caf959d5-9c81-416b-a133-ae88c20d857c' -tr 'http://timestamp.globalsign.com/tsa/advanced' -td sha256 'C:\\\\Users\\\\Administrator\\\\Desktop\\\\HelloWorldApp.exe' } catch { Write-Host 'Direct signing failed:' \\\$_.Exception.Message; Write-Host 'Exit code:' \\\$LASTEXITCODE }\\""
                    '''
                }
            }
        }

        stage('Verify Code Signature') {
            steps {
                sshagent(credentials: [CREDS_ID]) {
                    sh '''
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "powershell.exe -Command \\"Get-AuthenticodeSignature 'C:\\Users\\Administrator\\Desktop\\HelloWorldApp.exe' | Format-List\\""
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "powershell.exe -Command \\"Write-Host 'Certificate Chain Verification:'; \\\$sig = Get-AuthenticodeSignature 'C:\\Users\\Administrator\\Desktop\\HelloWorldApp.exe'; if(\\\$sig.SignerCertificate) { Write-Host 'File is SIGNED'; Write-Host 'Signer:' \\\$sig.SignerCertificate.Subject; Write-Host 'Valid From:' \\\$sig.SignerCertificate.NotBefore; Write-Host 'Valid Until:' \\\$sig.SignerCertificate.NotAfter; if(\\\$sig.TimeStamperCertificate) { Write-Host 'Timestamped: YES' } else { Write-Host 'Timestamped: NO' } } else { Write-Host 'File is NOT SIGNED' }\\""
                    '''
                }
            }
        }

        stage('Deploy Application') {
            steps {
                sshagent(credentials: [CREDS_ID]) {
                    sh '''
                    # Create deployment directory
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "if not exist C:\\\\Apps\\\\HelloWorldApp mkdir C:\\\\Apps\\\\HelloWorldApp"
                    
                    # Stop existing service if running (ignore errors if service doesn't exist)
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "sc stop HelloWorldApp 2>nul || echo Service not running or doesn't exist"
                    
                    # Copy signed executable to deployment directory
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "copy C:\\\\Users\\\\Administrator\\\\Desktop\\\\HelloWorldApp.exe C:\\\\Apps\\\\HelloWorldApp\\\\HelloWorldApp.exe /Y"
                    
                    # Create application configuration file
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "echo # HelloWorldApp Configuration > C:\\\\Apps\\\\HelloWorldApp\\\\config.txt"
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "echo Deployed on: %date% %time% >> C:\\\\Apps\\\\HelloWorldApp\\\\config.txt"
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "echo Version: 1.0 >> C:\\\\Apps\\\\HelloWorldApp\\\\config.txt"
                    
                    # Create deployment script for easy management
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "echo @echo off > C:\\\\Apps\\\\HelloWorldApp\\\\run.bat"
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "echo echo Starting HelloWorldApp... >> C:\\\\Apps\\\\HelloWorldApp\\\\run.bat"
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "echo C:\\\\Apps\\\\HelloWorldApp\\\\HelloWorldApp.exe >> C:\\\\Apps\\\\HelloWorldApp\\\\run.bat"
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "echo pause >> C:\\\\Apps\\\\HelloWorldApp\\\\run.bat"
                    
                    # Test the deployed application
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "C:\\\\Apps\\\\HelloWorldApp\\\\HelloWorldApp.exe"
                    '''
                }
            }
        }

        stage('Create Windows Service (Optional)') {
            when {
                // Only run this stage if you want to create a Windows service
                expression { return true } // Set to false to skip service creation
            }
            steps {
                script {
                    try {
                        sshagent(credentials: [CREDS_ID]) {
                            sh '''
                            # First, check if service already exists and remove it
                            ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "powershell.exe -Command \\"Write-Host 'Checking for existing service...'; try { \\\$service = Get-Service -Name 'HelloWorldApp' -ErrorAction SilentlyContinue; if(\\\$service) { Write-Host 'Stopping existing service...'; Stop-Service -Name 'HelloWorldApp' -Force -ErrorAction SilentlyContinue; Start-Sleep -Seconds 2; Write-Host 'Removing existing service...'; sc.exe delete HelloWorldApp | Out-Null; Start-Sleep -Seconds 2 } } catch { Write-Host 'No existing service found' }\\""
                            
                            # Create Windows Service using sc.exe with proper error handling
                            ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "powershell.exe -Command \\"Write-Host 'Creating Windows Service...'; try { \\\$result = Start-Process -FilePath 'sc.exe' -ArgumentList 'create', 'HelloWorldApp', 'binPath=', 'C:\\\\Apps\\\\HelloWorldApp\\\\HelloWorldApp.exe', 'start=', 'manual', 'DisplayName=', 'HelloWorld Application' -Wait -PassThru -NoNewWindow; if(\\\$result.ExitCode -eq 0) { Write-Host 'Service created successfully'; \\\$descResult = Start-Process -FilePath 'sc.exe' -ArgumentList 'description', 'HelloWorldApp', 'HelloWorld Application - Deployed via Jenkins CI/CD Pipeline' -Wait -PassThru -NoNewWindow; if(\\\$descResult.ExitCode -eq 0) { Write-Host 'Service description set successfully' } else { Write-Host 'Service created but description setting failed' }; Write-Host 'Service configuration completed' } else { Write-Host 'Service creation failed with exit code:' \\\$result.ExitCode } } catch { Write-Host 'Service creation encountered an error:' \\\$_.Exception.Message }\\""
                            
                            # Verify service creation
                            ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "powershell.exe -Command \\"Write-Host 'Verifying service creation...'; try { \\\$service = Get-Service -Name 'HelloWorldApp' -ErrorAction SilentlyContinue; if(\\\$service) { Write-Host 'Service Status:' \\\$service.Status; Write-Host 'Service Name:' \\\$service.ServiceName; Write-Host 'Display Name:' \\\$service.DisplayName; Write-Host 'Service successfully registered' } else { Write-Host 'Service not found - creation may have failed' } } catch { Write-Host 'Service verification failed:' \\\$_.Exception.Message }\\""
                            
                            # Set service to start automatically (optional)
                            ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "powershell.exe -Command \\"Write-Host 'Configuring service startup...'; try { sc.exe config HelloWorldApp start= auto | Out-Null; Write-Host 'Service configured for automatic startup' } catch { Write-Host 'Service startup configuration failed' }\\""
                            '''
                        }
                        echo "Service creation completed successfully"
                    } catch (Exception e) {
                        echo "Service creation encountered issues: ${e.getMessage()}"
                        echo "Check if the application is compatible with Windows Service hosting"
                    }
                }
            }
        }

        stage('Service Management') {
            when {
                expression { return true } // Set to false to skip service management
            }
            steps {
                sshagent(credentials: [CREDS_ID]) {
                    sh '''
                    # Create service management scripts
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "echo @echo off > C:\\\\Apps\\\\HelloWorldApp\\\\start-service.bat"
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "echo echo Starting HelloWorldApp Service... >> C:\\\\Apps\\\\HelloWorldApp\\\\start-service.bat"
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "echo net start HelloWorldApp >> C:\\\\Apps\\\\HelloWorldApp\\\\start-service.bat"
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "echo echo Service started successfully >> C:\\\\Apps\\\\HelloWorldApp\\\\start-service.bat"
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "echo pause >> C:\\\\Apps\\\\HelloWorldApp\\\\start-service.bat"
                    
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "echo @echo off > C:\\\\Apps\\\\HelloWorldApp\\\\stop-service.bat"
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "echo echo Stopping HelloWorldApp Service... >> C:\\\\Apps\\\\HelloWorldApp\\\\stop-service.bat"
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "echo net stop HelloWorldApp >> C:\\\\Apps\\\\HelloWorldApp\\\\stop-service.bat"
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "echo echo Service stopped successfully >> C:\\\\Apps\\\\HelloWorldApp\\\\stop-service.bat"
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "echo pause >> C:\\\\Apps\\\\HelloWorldApp\\\\stop-service.bat"
                    
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "echo @echo off > C:\\\\Apps\\\\HelloWorldApp\\\\service-status.bat"
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "echo echo Checking HelloWorldApp Service Status... >> C:\\\\Apps\\\\HelloWorldApp\\\\service-status.bat"
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "echo sc query HelloWorldApp >> C:\\\\Apps\\\\HelloWorldApp\\\\service-status.bat"
                    ssh -o StrictHostKeyChecking=no administrator@{WIN_SERVER_IP} "echo pause >> C:\\\\Apps\\\\HelloWorldApp\\\\service-status.bat"
                    
                    # Show final deployment structure
                    ssh -o StrictHostKeyChecking=no administrator@172.31.91.18 "echo. && echo Deployment completed. Files created: && dir C:\\\\Apps\\\\HelloWorldApp"
                    '''
                }
            }
        }

        stage('Deployment Verification') {
            steps {
                sshagent(credentials: [CREDS_ID]) {
                    sh '''
                    # Comprehensive deployment verification
                    ssh -o StrictHostKeyChecking=no administrator@172.31.91.18 "powershell.exe -Command \\"Write-Host '========================================'; Write-Host 'DEPLOYMENT VERIFICATION REPORT'; Write-Host '========================================'; Write-Host ''\\""
                    
                    # 1. Verify application deployment
                    ssh -o StrictHostKeyChecking=no administrator@172.31.91.18 "powershell.exe -Command \\"Write-Host '1. APPLICATION DEPLOYMENT:'; if(Test-Path 'C:\\\\Apps\\\\HelloWorldApp\\\\HelloWorldApp.exe') { Write-Host '   Status: DEPLOYED ✓'; \\\$file = Get-Item 'C:\\\\Apps\\\\HelloWorldApp\\\\HelloWorldApp.exe'; Write-Host '   File size:' \\\$file.Length 'bytes'; Write-Host '   Last modified:' \\\$file.LastWriteTime; Write-Host '   Location: C:\\\\Apps\\\\HelloWorldApp\\\\HelloWorldApp.exe' } else { Write-Host '   Status: NOT DEPLOYED ✗'; exit 1 }\\""
                    
                    # 2. Verify code signature
                    ssh -o StrictHostKeyChecking=no administrator@172.31.91.18 "powershell.exe -Command \\"Write-Host ''; Write-Host '2. CODE SIGNATURE VERIFICATION:'; \\\$sig = Get-AuthenticodeSignature 'C:\\\\Apps\\\\HelloWorldApp\\\\HelloWorldApp.exe'; if(\\\$sig.SignerCertificate) { Write-Host '   Status: SIGNED ✓'; Write-Host '   Signer:' \\\$sig.SignerCertificate.Subject; Write-Host '   Valid from:' \\\$sig.SignerCertificate.NotBefore; Write-Host '   Valid until:' \\\$sig.SignerCertificate.NotAfter; Write-Host '   Hash Algorithm:' \\\$sig.HashAlgorithm; if(\\\$sig.TimeStamperCertificate) { Write-Host '   Timestamp: YES ✓' } else { Write-Host '   Timestamp: NO ✗' } } else { Write-Host '   Status: NOT SIGNED ✗' }\\""
                    
                    # 3. Verify Windows Service (non-blocking)
                    ssh -o StrictHostKeyChecking=no administrator@172.31.91.18 "powershell.exe -Command \\"Write-Host ''; Write-Host '3. WINDOWS SERVICE VERIFICATION:'; try { \\\$service = Get-Service -Name 'HelloWorldApp' -ErrorAction SilentlyContinue; if(\\\$service) { Write-Host '   Service Status:' \\\$service.Status; Write-Host '   Service Name:' \\\$service.ServiceName; Write-Host '   Display Name:' \\\$service.DisplayName; Write-Host '   Start Type: Automatic'; Write-Host '   Service: REGISTERED ✓' } else { Write-Host '   Service: NOT REGISTERED (Optional)' } } catch { Write-Host '   Service: VERIFICATION SKIPPED (Optional)' }\\""
                    
                    # 4. Verify deployment structure (fixed escaping)
                    ssh -o StrictHostKeyChecking=no administrator@172.31.91.18 "powershell.exe -Command \\"Write-Host ''; Write-Host '4. DEPLOYMENT STRUCTURE:'; \\\$files = @('HelloWorldApp.exe', 'config.txt', 'run.bat', 'start-service.bat', 'stop-service.bat', 'service-status.bat'); foreach(\\\$file in \\\$files) { if(Test-Path \\\\"C:\\\\Apps\\\\HelloWorldApp\\\\\\\$file\\\\") { Write-Host \\\\"   \\\$file EXISTS ✓\\\\" } else { Write-Host \\\\"   \\\$file MISSING ✗\\\\" } }\\""
                    
                    # 5. Test application execution
                    ssh -o StrictHostKeyChecking=no administrator@172.31.91.18 "powershell.exe -Command \\"Write-Host ''; Write-Host '5. APPLICATION EXECUTION TEST:'; try { \\\$output = & 'C:\\\\Apps\\\\HelloWorldApp\\\\HelloWorldApp.exe' 2>&1; Write-Host '   Execution: SUCCESS ✓'; Write-Host '   Output:' \\\$output } catch { Write-Host '   Execution: FAILED ✗'; Write-Host '   Error:' \\\$_.Exception.Message }\\""
                    
                    # 6. Show file listing
                    ssh -o StrictHostKeyChecking=no administrator@172.31.91.18 "powershell.exe -Command \\"Write-Host ''; Write-Host '6. DEPLOYMENT DIRECTORY CONTENTS:'; Get-ChildItem 'C:\\\\Apps\\\\HelloWorldApp' | Format-Table Name, Length, LastWriteTime -AutoSize\\""
                    
                    # 7. Network accessibility test
                    ssh -o StrictHostKeyChecking=no administrator@172.31.91.18 "powershell.exe -Command \\"Write-Host ''; Write-Host '7. SERVER ACCESSIBILITY:'; Write-Host '   Server IP: 172.31.91.18'; Write-Host '   Deployment Path: C:\\\\Apps\\\\HelloWorldApp'; Write-Host '   Remote Access: SSH ✓'\\""
                    
                    # 8. Summary
                    ssh -o StrictHostKeyChecking=no administrator@172.31.91.18 "powershell.exe -Command \\"Write-Host ''; Write-Host '========================================'; Write-Host 'DEPLOYMENT VERIFICATION COMPLETE'; Write-Host 'Core deployment: SUCCESS ✓'; Write-Host 'Application ready for use!'; Write-Host '========================================'\\""
                    '''
                }
            }
        }

        stage('Cleanup Signing Script') {
            steps {
                sshagent(credentials: [CREDS_ID]) {
                    sh '''
                    ssh -o StrictHostKeyChecking=no administrator@172.31.91.18 "del C:\\Users\\Administrator\\Desktop\\sign.ps1"
                    '''
                }
            }
        }
    }
    post {
        always {
            cleanWs()
        }
        success {
            echo 'Pipeline completed successfully!'
        }
        failure {
            echo 'Pipeline failed!'
        }
    }
}

 

Step 6: Signing Verification 

Once the pipeline completes successfully: 

  1. Navigate to the deployed application (e.g., C:\Apps\HelloWorldApp\HelloWorldApp.exe).

  2. Right-click the file > Properties > Digital Signatures. 

  3. Select the Signature from the list and click on Details.

  4. You will see the signer information and timestamp (issued by GlobalSign TSA). 

Related Articles

GlobalSign System Alerts

View recent system alerts.

View Alerts

Atlas Discovery

Scan your endpoints to locate all of your Certificates.

Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.

Contact Support